<!DOCTYPE html>
<html>

<head>
  <title>Home page</title>
  <link rel="icon" href="/icon.png" type="image/png" />
  <script>
    window.onload = () =>{
      /**
       * this section renames example.com for the real hostname
       * it's required for multi cookie domain suite
       * */
      const hostname = window.location.hostname
      const protocol = window.location.protocol
      const port = window.location.port
      const domain = hostname.replace(/^\w+\.(.+)$/i, "$1")
      const newDomain = `${domain}:${port}`
      document.body.innerHTML = document.body.innerHTML.replace(/example.com:8080/ig, newDomain)
    }

  </script>
</head>

<body>
  <h1>Access the secret</h1>
  <span style="font-size: 1.2em; color: red">You need to log in to access the secret!</span><br /><br /> Try to access
  it using
  one of the following links to test access control powered by Authelia.<br />
  <ul>
    <li>
      public.example.com <a href="https://public.example.com:8080/"> /</a>
    </li>
    <li>
      secure.example.com <a href="https://secure.example.com:8080/secret.html"> / secret.html</a>
    </li>
    <li>
      singlefactor.example.com <a href="https://singlefactor.example.com:8080/secret.html"> / secret.html</a>
    </li>
    <li>
      deny.example.com <a href="https://deny.example.com:8080/secret.html"> / secret.html</a>
    </li>
    <li>
      dev.example.com
      <ul>
        <li>Groups
          <ul>
            <li>
              <a href="https://dev.example.com:8080/groups/admin/secret.html"> / groups / admins / secret.html</a>
            </li>
            <li>
              <a href="https://dev.example.com:8080/groups/dev/secret.html"> / groups / dev / secret.html</a>
            </li>
          </ul>
        </li>
        <li>Users
          <ul>
            <li>
              <a href="https://dev.example.com:8080/users/john/secret.html"> / users / john / secret.html</a>
            </li>
            <li>
              <a href="https://dev.example.com:8080/users/harry/secret.html"> / users / harry / secret.html</a>
            </li>
            <li>
              <a href="https://dev.example.com:8080/users/bob/secret.html"> / users / bob / secret.html</a>
            </li>
          </ul>
        </li>
      </ul>
    </li>
    <li>
      admin.example.com <a href="https://admin.example.com:8080/secret.html"> / secret.html</a>
    </li>
    <li>
      mx1.main.example.com <a href="https://mx1.mail.example.com:8080/secret.html"> / secret.html</a>
    </li>
    <li>
      mx2.main.example.com <a href="https://mx2.mail.example.com:8080/secret.html"> / secret.html</a>
    </li>
    <li>
      oidc.example.com <a href="https://oidc.example.com:8080/">/</a> (only in OIDC suite).
    </li>
  </ul>

  You can also log off by visiting the following <a
    href="https://login.example.com:8080/logout?rd=https://home.example.com:8080/">link</a>.

  <h1>List of users</h1>
  Here is the list of credentials you can log in with to test access control.<br />
  <br /> Once first factor is passed, you will need to follow the links to register a secret for the second
  factor.<br /> Authelia
  will send you a fictitious email in a <strong>fake webmail</strong> at <a
    href="https://mail.example.com:8080/">https://mail.example.com:8080/</a>.<br />
  It will provide you with the link to complete the registration allowing you to authenticate with 2-factor.

  <ul>
    <li><strong>john / password</strong>: belongs to <em>admin</em> and <em>dev</em> groups.</li>
    <li><strong>bob / password</strong>: belongs to <em>dev</em> group only.</li>
    <li><strong>harry / password</strong>: does not belong to any group.</li>
  </ul>

  <h1>Access control rules</h1>
  <p></p>These rules are extracted from the configuration file
  <a href="https://github.com/authelia/authelia/blob/master/config.template.yml">config.template.yml</a>.</p>
  <pre id="rules" style="border: 1px grey solid; padding: 20px; display: inline-block;">
  default_policy: deny

  rules:
    # Rules applied to everyone
    - domain: public.example.com
      policy: two_factor
    - domain: singlefactor.example.com
      policy: one_factor

    # Rules applied to 'admins' group
    - domain: 'mx2.mail.example.com'
      subject: 'group:admins'
      policy: deny
    - domain: '*.example.com'
      subject: 'group:admins'
      policy: two_factor

    # Rules applied to 'dev' group
    - domain: dev.example.com
      resources:
        - '^/groups/dev/.*$'
      subject: 'group:dev'
      policy: two_factor

    # Rules applied to user 'john'
    - domain: dev.example.com
      resources:
        - '^/users/john/.*$'
      subject: 'user:john'
      policy: two_factor


    # Rules applied to user 'harry'
    - domain: dev.example.com
      resources:
        - '^/users/harry/.*$'
      subject: 'user:harry'
      policy: two_factor

    # Rules applied to user 'bob'
    - domain: '*.mail.example.com'
      subject: 'user:bob'
      policy: two_factor
    - domain: 'dev.example.com'
      resources:
        - '^/users/bob/.*$'
      subject: 'user:bob'
      policy: two_factor
  </pre>
</body>

</html>
